General

  • Target

    X0GKI_random.exe

  • Size

    1.8MB

  • Sample

    250122-rmwgqaznhx

  • MD5

    8f6006d1557aeb30e207047242dcbdc1

  • SHA1

    a6d4e457baf80f9f8a99907a7cce6561eda71123

  • SHA256

    3483af82c56b4169e02ddcd45e9bf57533de63084aa61f41810f53834ed22751

  • SHA512

    366dda85fa946eb3f2639e9940621a786fb1cd10303d5afed7eebfa6c5431b7fd59cb35a4949797bcdd76efeccbccaea11b0e3eba793b6e14f22aff7b51a3962

  • SSDEEP

    49152:4WAB5z7kqVGcMTS97kCSHUUCqEpgXnjJaI/PJ:4Wep4qVr9QHUUEpSnjJaIHJ

Malware Config

Extracted

Family

lumma

C2

https://measlyrefusz.biz/api

https://impolitewearr.biz/api

https://toppyneedus.biz/api

https://lightdeerysua.biz/api

https://suggestyuoz.biz/api

https://hoursuhouy.biz/api

https://mixedrecipew.biz/api

https://affordtempyo.biz/api

https://pleasedcfrown.biz/api

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
